Vulnerability Description
A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libtiff | Libtiff | >= 4.0, <= 4.5.0 |
Related Weaknesses (CWE)
References
- https://gitlab.com/libtiff/libtiff/-/issues/536%2C
- https://gitlab.com/libtiff/libtiff/-/issues/537ExploitIssue Tracking
- https://support.apple.com/kb/HT213844
- https://gitlab.com/libtiff/libtiff/-/issues/536ExploitIssue Tracking
- https://gitlab.com/libtiff/libtiff/-/issues/536%2C
- https://gitlab.com/libtiff/libtiff/-/issues/537ExploitIssue Tracking
- https://support.apple.com/kb/HT213844
FAQ
What is CVE-2023-1916?
CVE-2023-1916 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, res...
How severe is CVE-2023-1916?
CVE-2023-1916 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-1916?
Check the references section above for vendor advisories and patch information. Affected products include: Libtiff Libtiff.